Restore tickets support
This commit is contained in:
parent
9055a83b4f
commit
9ec48e41f7
56
mongoose.c
56
mongoose.c
@ -3788,6 +3788,7 @@ void mg_mgr_free(struct mg_mgr *mgr) {
|
||||
#if MG_ENABLE_EPOLL
|
||||
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
||||
#endif
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
void mg_mgr_init(struct mg_mgr *mgr) {
|
||||
@ -3812,6 +3813,7 @@ void mg_mgr_init(struct mg_mgr *mgr) {
|
||||
mgr->dnstimeout = 3000;
|
||||
mgr->dns4.url = "udp://8.8.8.8:53";
|
||||
mgr->dns6.url = "udp://[2001:4860:4860::8888]:53";
|
||||
mg_tls_ctx_init(mgr);
|
||||
}
|
||||
|
||||
#ifdef MG_ENABLE_LINES
|
||||
@ -6990,6 +6992,12 @@ size_t mg_tls_pending(struct mg_connection *c) {
|
||||
(void) c;
|
||||
return 0;
|
||||
}
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef MG_ENABLE_LINES
|
||||
@ -7141,14 +7149,9 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_init(&tls->ticket);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&tls->ticket, mg_mbed_rng, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) != 0) {
|
||||
mg_error(c, " mbedtls_ssl_ticket_setup %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
|
||||
mbedtls_ssl_ticket_parse, &tls->ticket);
|
||||
mbedtls_ssl_conf_session_tickets_cb(
|
||||
&tls->conf, mbedtls_ssl_ticket_write, mbedtls_ssl_ticket_parse,
|
||||
&((struct mg_tls_ctx *) c->mgr->tls_ctx)->tickets);
|
||||
#endif
|
||||
|
||||
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
||||
@ -7188,6 +7191,35 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) {
|
||||
MG_ERROR(("TLS context init OOM"));
|
||||
} else {
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
int rc;
|
||||
mbedtls_ssl_ticket_init(&ctx->tickets);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&ctx->tickets, mg_mbed_rng, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) !=
|
||||
0) {
|
||||
MG_ERROR((" mbedtls_ssl_ticket_setup %#x", -rc));
|
||||
}
|
||||
#endif
|
||||
mgr->tls_ctx = ctx;
|
||||
}
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||
if (ctx != NULL) {
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_free(&ctx->tickets);
|
||||
#endif
|
||||
free(ctx);
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef MG_ENABLE_LINES
|
||||
@ -7384,6 +7416,14 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef MG_ENABLE_LINES
|
||||
|
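Review bot: In the `@ -7141,14 +7149,9 @@` hunk, `mg_tls_init` now dereferences `c->mgr->tls_ctx` in `&((struct mg_tls_ctx *) c->mgr->tls_ctx)->tickets` with no NULL check, yet the new `mg_tls_ctx_init` (`@ -7188,6 +7191,35 @@` hunk) only logs `"TLS context init OOM"` when `calloc` fails and never sets `mgr->tls_ctx`, so the first TLS connection after an allocation failure hands mbedtls a pointer computed from a (presumably NULL) context. The pre-change per-connection code treated a ticket setup failure as fatal with `goto fail`; the shared version also publishes the context when `mbedtls_ssl_ticket_setup` fails, so ticket callbacks get installed on a ticket context whose setup did not complete — consider not assigning `mgr->tls_ctx` in that case, or recording the failure in the struct and skipping `mbedtls_ssl_conf_session_tickets_cb` when it is set. I would also name the repeated `86400` ticket-key lifetime rather than keep it as a literal in two places. `mg_tls_init` starts and ends outside the hunk, so the `fail` label used below is inferred from the removed lines; the same code appears again in the later `@ -144,14 +144,9 @@` and `@ -191,4 +186,33 @@` hunks (apparently the non-amalgamated source of this file) and needs the same fix.
```c
#ifdef MBEDTLS_SSL_SESSION_TICKETS
  {
    struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) c->mgr->tls_ctx;
    if (ctx == NULL) {  // mg_tls_ctx_init failed (e.g. OOM); refuse the connection
      mg_error(c, "TLS ctx not initialised");
      goto fail;
    }
    mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
                                        mbedtls_ssl_ticket_parse, &ctx->tickets);
  }
#endif
  // … unchanged: mbedtls_ssl_setup and the rest of mg_tls_init …
```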
12
mongoose.h
12
mongoose.h
@ -1180,6 +1180,7 @@ struct mg_mgr {
|
||||
unsigned long nextid; // Next connection ID
|
||||
unsigned long timerid; // Next timer ID
|
||||
void *userdata; // Arbitrary user data pointer
|
||||
void *tls_ctx; // TLS context shared by all TLS sessions
|
||||
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
||||
void *active_dns_requests; // DNS requests in progress
|
||||
struct mg_timer *timers; // Active timers
|
||||
@ -1358,6 +1359,10 @@ long mg_tls_recv(struct mg_connection *, void *buf, size_t len);
|
||||
size_t mg_tls_pending(struct mg_connection *);
|
||||
void mg_tls_handshake(struct mg_connection *);
|
||||
|
||||
// Private
|
||||
void mg_tls_ctx_init(struct mg_mgr *);
|
||||
void mg_tls_ctx_free(struct mg_mgr *);
|
||||
|
||||
|
||||
|
||||
|
||||
@ -1370,6 +1375,13 @@ void mg_tls_handshake(struct mg_connection *);
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/ssl_ticket.h>
|
||||
|
||||
struct mg_tls_ctx {
|
||||
int dummy;
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_context tickets;
|
||||
#endif
|
||||
};
|
||||
|
||||
struct mg_tls {
|
||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt cert; // Parsed certificate
|
||||
|
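Review bot: The new `struct mg_tls_ctx` (`@ -1370,6 +1375,13 @@` hunk) carries an unexplained `int dummy;` member; since `tickets` is the only other member and it is compiled out without `MBEDTLS_SSL_SESSION_TICKETS`, the struct would otherwise have no members, which is not standard C, so say so: `int dummy;  // keeps the struct non-empty when session tickets are compiled out`. The `tls_ctx` comment in `struct mg_mgr` could also state ownership, e.g. `void *tls_ctx;  // TLS context shared by all TLS sessions; allocated by mg_tls_ctx_init, released by mg_tls_ctx_free`, since the field is a bare `void *` and the declarations are marked `// Private`.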
@ -228,6 +228,7 @@ void mg_mgr_free(struct mg_mgr *mgr) {
|
||||
#if MG_ENABLE_EPOLL
|
||||
if (mgr->epoll_fd >= 0) close(mgr->epoll_fd), mgr->epoll_fd = -1;
|
||||
#endif
|
||||
mg_tls_ctx_free(mgr);
|
||||
}
|
||||
|
||||
void mg_mgr_init(struct mg_mgr *mgr) {
|
||||
@ -252,4 +253,5 @@ void mg_mgr_init(struct mg_mgr *mgr) {
|
||||
mgr->dnstimeout = 3000;
|
||||
mgr->dns4.url = "udp://8.8.8.8:53";
|
||||
mgr->dns6.url = "udp://[2001:4860:4860::8888]:53";
|
||||
mg_tls_ctx_init(mgr);
|
||||
}
|
||||
|
@ -27,6 +27,7 @@ struct mg_mgr {
|
||||
unsigned long nextid; // Next connection ID
|
||||
unsigned long timerid; // Next timer ID
|
||||
void *userdata; // Arbitrary user data pointer
|
||||
void *tls_ctx; // TLS context shared by all TLS sessions
|
||||
uint16_t mqtt_id; // MQTT IDs for pub/sub
|
||||
void *active_dns_requests; // DNS requests in progress
|
||||
struct mg_timer *timers; // Active timers
|
||||
|
@ -27,3 +27,7 @@ long mg_tls_send(struct mg_connection *, const void *buf, size_t len);
|
||||
long mg_tls_recv(struct mg_connection *, void *buf, size_t len);
|
||||
size_t mg_tls_pending(struct mg_connection *);
|
||||
void mg_tls_handshake(struct mg_connection *);
|
||||
|
||||
// Private
|
||||
void mg_tls_ctx_init(struct mg_mgr *);
|
||||
void mg_tls_ctx_free(struct mg_mgr *);
|
||||
|
@ -21,4 +21,10 @@ size_t mg_tls_pending(struct mg_connection *c) {
|
||||
(void) c;
|
||||
return 0;
|
||||
}
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
#endif
|
||||
|
@ -144,14 +144,9 @@ void mg_tls_init(struct mg_connection *c, const struct mg_tls_opts *opts) {
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_init(&tls->ticket);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&tls->ticket, mg_mbed_rng, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) != 0) {
|
||||
mg_error(c, " mbedtls_ssl_ticket_setup %#x", -rc);
|
||||
goto fail;
|
||||
}
|
||||
mbedtls_ssl_conf_session_tickets_cb(&tls->conf, mbedtls_ssl_ticket_write,
|
||||
mbedtls_ssl_ticket_parse, &tls->ticket);
|
||||
mbedtls_ssl_conf_session_tickets_cb(
|
||||
&tls->conf, mbedtls_ssl_ticket_write, mbedtls_ssl_ticket_parse,
|
||||
&((struct mg_tls_ctx *) c->mgr->tls_ctx)->tickets);
|
||||
#endif
|
||||
|
||||
if ((rc = mbedtls_ssl_setup(&tls->ssl, &tls->conf)) != 0) {
|
||||
@ -191,4 +186,33 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) calloc(1, sizeof(*ctx));
|
||||
if (ctx == NULL) {
|
||||
MG_ERROR(("TLS context init OOM"));
|
||||
} else {
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
int rc;
|
||||
mbedtls_ssl_ticket_init(&ctx->tickets);
|
||||
if ((rc = mbedtls_ssl_ticket_setup(&ctx->tickets, mg_mbed_rng, NULL,
|
||||
MBEDTLS_CIPHER_AES_128_GCM, 86400)) !=
|
||||
0) {
|
||||
MG_ERROR((" mbedtls_ssl_ticket_setup %#x", -rc));
|
||||
}
|
||||
#endif
|
||||
mgr->tls_ctx = ctx;
|
||||
}
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
struct mg_tls_ctx *ctx = (struct mg_tls_ctx *) mgr->tls_ctx;
|
||||
if (ctx != NULL) {
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_free(&ctx->tickets);
|
||||
#endif
|
||||
free(ctx);
|
||||
mgr->tls_ctx = NULL;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
@ -11,6 +11,13 @@
|
||||
#include <mbedtls/ssl.h>
|
||||
#include <mbedtls/ssl_ticket.h>
|
||||
|
||||
struct mg_tls_ctx {
|
||||
int dummy;
|
||||
#ifdef MBEDTLS_SSL_SESSION_TICKETS
|
||||
mbedtls_ssl_ticket_context tickets;
|
||||
#endif
|
||||
};
|
||||
|
||||
struct mg_tls {
|
||||
mbedtls_x509_crt ca; // Parsed CA certificate
|
||||
mbedtls_x509_crt cert; // Parsed certificate
|
||||
|
@ -189,4 +189,12 @@ long mg_tls_send(struct mg_connection *c, const void *buf, size_t len) {
|
||||
if (n <= 0) return MG_IO_ERR;
|
||||
return n;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_init(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
|
||||
void mg_tls_ctx_free(struct mg_mgr *mgr) {
|
||||
(void) mgr;
|
||||
}
|
||||
#endif
|
||||
|